DAMAGE CONTROL

Updated: February 18, 2015 01:10 pm, Dubai
By Editor

If forewarned is forearmed, then at least organizations have a fighting chance as Kaspersky reveals its predictions for the biggest online threats in 2015, with APTs expected to run rampant this year.

2014 was a busy year in the global online threat landscape, with Advanced Persistent Threats (APTs) taking centre stage. And 2015 will be no different. Cyber criminals will, unfortunately, pick from lessons and experiences learnt in 2014 to try to inflict even more financial damage on individuals and organizations the world over, according to Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team (GReAT).

In a recent webinar, Costin observed that Kaspersky was responsible for uncovering some of the nastiest APTs out there including Duqu, Flame, Gauss, Red October among others.

Kaspersky Lab believes that APTs will play an important role in 2015 and deserve special attention, both from an intelligence point of view and with technologies designed to stop them.

2014, Costin revealed, saw the merger of cyber-crime and APTs, with banks being increasingly breached using APT tools. In 2015, Kaspersky predicts, there will be more direct attacks targeted at banks rather than at their users, unlike in the past, as cyber criminals now possess stronger capabilities.

Last year also saw the fragmentation of some of the biggest APT groups and the creation of new groups mainly due to the naming and shaming campaigns by government authorities. “These new groups will in 2015 launch attacks on their own and so we can expect more organizations to be targeted simply because of a larger attack base,” Costin said.

There is also a range of evolving malware techniques with more malware being updated for 64-bit systems. These include networking equipment, servers etc. Kaspersky forecasts more sophisticated malware implants and enhanced evasion techniques in 2015.

2014 also saw new methods of data infiltration through compromised trusted websites. These were done through DNS requests via cloud services such as Dropbox, Costin reveals. “In the future, it will get increasingly harder to identify and prevent threats,” Costin says, adding, “The prediction for this year is that more groups will adopt the use of cloud platforms to breach networks”.

State-sponsored cyber warfare also gained new traction as more countries continued to join the cyber-arms race. This, Costin said, is evident in a number of unusual languages seen in APTs like German, Italian, Spanish, Korean, Arabic and more. Kaspersky foresees more state actors joining the cyber-arms race and developing cyber-espionage capabilities.

Last year also saw the increased use of false flags with APT groups adopting malware commonly used by other APT groups, Costin explained. With governments increasingly keen to name and shame campaigns, APT groups will adjust their operations through false flags.

There was a rise of attacks on mobile platforms as smartphones become the primary means of internet communications for most people. It’s easier for attackers to listen in on conversations on mobiles and conversely very difficult to detect, Costin observed. “In 2015 expect more mobile specific malware for Android and jail-broken iPhones,” he added.

There was also an increase in the targeting of hotel Wi-Fi networks in 2014, an easy way of targeting a particular category of people, namely corporate executives. Expect more capabilities from cyber criminals on this front, Kaspersky said.

There was also the coming together of APTs and botnets targeted at mass surveillance. For example, Flame and Gauss in 2012 were designed for mass surveillance by targeting a large number of people. This year, however, Costin says, we can expect much more precise attacks.

“In 2014, there was a move towards the commercialization of APT attacks. Spyware sales cannot be controlled. This dangerous software ends up in the hands of even less trustworthy groups and individuals,” Costin explained. The prediction for 2015 is that more companies will be targeted on “legal surveillance tools” with dual-use technology.

“Kaspersky will seek to use the combination of technologies with surveillance to counter these threats,” Costin concludes.